PT-2022-20951 · Unknown · Kity Minder

Zer0Yu · Published 2022-06-09 · Updated 2022-06-15 · CVE-2022-31830

CVSS v3.1: 9.1 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions: Kity Minder version 1.3.5

Description: The issue is a Server-Side Request Forgery (SSRF) discovered in Kity Minder. The SSRF occurs via the init function in ImageCapture.class.php.

Recommendations: For Kity Minder version 1.3.5, consider restricting access to the init function in ImageCapture.class.php to minimize the risk of exploitation. At the time of writing, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

SSRF


Weakness Enumeration

Related Identifiers

CVE-2022-31830
GHSA-Q56H-X9H5-Q53C

Affected Products

Kity Minder